[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_1-56-g2eaca50
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_1-56-g2eaca50 |
Date: |
Wed, 31 Aug 2011 14:57:27 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2eaca501440bf2fdfd59e26420a7f714c32b4071
The branch, gnutls_3_0_x has been updated
via 2eaca501440bf2fdfd59e26420a7f714c32b4071 (commit)
via 240cae972d30ca4de7ead5f85b8bea113bef437a (commit)
via 169c735162ab5ae822ac78223ac41db6c84e5ba5 (commit)
via 8cf2b1124020d25a9afc97d25f48e60f7e751ff1 (commit)
from 8123433d59c2ffec61717f4118114bbef8f56b73 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2eaca501440bf2fdfd59e26420a7f714c32b4071
Merge: 8123433 240cae9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Aug 31 16:57:21 2011 +0200
Merge branch 'master' into gnutls_3_0_x
-----------------------------------------------------------------------
Summary of changes:
NEWS | 8 ++++++++
doc/cha-gtls-app.texi | 5 +++++
doc/printlist.c | 2 +-
lib/gnutls_handshake.c | 31 ++++++++++++++++++-------------
lib/gnutls_int.h | 9 +++++----
lib/gnutls_priority.c | 15 ++++++++++++---
6 files changed, 49 insertions(+), 21 deletions(-)
diff --git a/NEWS b/NEWS
index 7bfcd36..e1e245d 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,14 @@ See the end for copying conditions.
* Version 3.0.2 (unreleased)
+** libgnutls: OpenPGP certificate type is not enabled
+by default.
+
+** libgnutls: Added %NO_EXTENSIONS priority string.
+
+** libgnutls: Corrected issue in gnutls_record_recv()
+triggered on encryption or compression error.
+
** libgnutls: Compatibility fixes in CPU ID detection
for i386 and old GCC.
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index ea43dde..b1d364e 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -402,6 +402,11 @@ will enable compatibility mode. It might mean that
violations
of the protocols are allowed as long as maximum compatibility with
problematic clients and servers is achieved.
address@hidden %NO_EXTENSIONS @tab
+will prevent the sending of any TLS extensions in client side. Note
+that TLS 1.2 requires extensions to be used, thus this option must
+be used with care.
+
@item %DISABLE_SAFE_RENEGOTIATION @tab
will disable safe renegotiation
completely. Do not use unless you know what you are doing.
diff --git a/doc/printlist.c b/doc/printlist.c
index ac6c1d2..3abea70 100644
--- a/doc/printlist.c
+++ b/doc/printlist.c
@@ -200,7 +200,7 @@ const char* _name;
puts( headers);
-printf("\\begin{supertabular}{|p{.60\\linewidth}|p{.15\\linewidth}|p{.10\\linewidth}|}\n");
+printf("\\begin{supertabular}{|p{.64\\linewidth}|p{.12\\linewidth}|p{.09\\linewidth}|}\n");
{
size_t i;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e214ea0..9617ac9 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1841,7 +1841,8 @@ _gnutls_send_client_hello (gnutls_session_t session, int
again)
*/
if (!session->internals.initial_negotiation_completed &&
session->security_parameters.entity == GNUTLS_CLIENT &&
- gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ (gnutls_protocol_get_version (session) == GNUTLS_SSL3 ||
+ session->internals.priorities.no_extensions != 0))
{
ret =
_gnutls_copy_ciphersuites (session, &extdata, TRUE);
@@ -1868,21 +1869,25 @@ _gnutls_send_client_hello (gnutls_session_t session,
int again)
/* Generate and copy TLS extensions.
*/
- if (_gnutls_version_has_extensions (hver))
- type = GNUTLS_EXT_ANY;
- else
+ if (session->internals.priorities.no_extensions == 0)
{
- if (session->internals.initial_negotiation_completed != 0)
- type = GNUTLS_EXT_MANDATORY;
+ if (_gnutls_version_has_extensions (hver))
+ type = GNUTLS_EXT_ANY;
else
- type = GNUTLS_EXT_NONE;
- }
+ {
+ if (session->internals.initial_negotiation_completed != 0)
+ type = GNUTLS_EXT_MANDATORY;
+ else
+ type = GNUTLS_EXT_NONE;
+ }
+
+ ret = _gnutls_gen_extensions (session, &extdata, type);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_gen_extensions (session, &extdata, type);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
}
ret = _mbuffer_append_data (bufel, extdata.data, extdata.length);
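Review bot: When `no_extensions` is set, the new outer `if` skips `_gnutls_gen_extensions` altogether, including the path that used to pick `GNUTLS_EXT_MANDATORY` once `initial_negotiation_completed` is non-zero. The condition in the previous hunk passes TRUE to `_gnutls_copy_ciphersuites` only while `!initial_negotiation_completed` (presumably the flag that adds the renegotiation signalling suite), so on a renegotiation a %NO_EXTENSIONS client appears to send neither that suite nor any mandatory extension. If the mandatory set is what carries the renegotiation information (not visible here), the safe-renegotiation binding is lost or the peer aborts the handshake. Consider keeping the mandatory set on renegotiation, e.g. `if (session->internals.priorities.no_extensions == 0 || session->internals.initial_negotiation_completed != 0)` with `type` limited to `GNUTLS_EXT_MANDATORY` in the second case, or state in the manual that renegotiation is unsupported with this option. `_gnutls_send_client_hello` starts and ends outside the hunk.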
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index c0df2a5..7ad7720 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -553,11 +553,12 @@ struct gnutls_priority_st
priority_st supported_ecc;
/* to disable record padding */
- int no_padding:1;
- int allow_large_records:1;
+ unsigned int no_extensions:1;
+ unsigned int no_padding:1;
+ unsigned int allow_large_records:1;
safe_renegotiation_t sr;
- int ssl3_record_version:1;
- int additional_verify_flags;
+ unsigned int ssl3_record_version:1;
+ unsigned int additional_verify_flags;
};
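Review bot: The existing comment `/* to disable record padding */` now sits directly above the new `no_extensions` field rather than above `no_padding`, so it documents the wrong member. Give the new field its own comment and keep the old one attached to `no_padding`, for example `/* %NO_EXTENSIONS: the client sends no TLS extensions */` before `unsigned int no_extensions:1;`. The switch from `int` to `unsigned int` for the one-bit fields is the right call, since a signed one-bit field cannot portably hold 1. `struct gnutls_priority_st` begins outside the hunk.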
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 90e7006..22641bf 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -486,7 +486,12 @@ static const int mac_priority_secure192[] = {
0
};
-static int cert_type_priority[] = {
+static const int cert_type_priority_default[] = {
+ GNUTLS_CRT_X509,
+ 0
+};
+
+static const int cert_type_priority_all[] = {
GNUTLS_CRT_X509,
GNUTLS_CRT_OPENPGP,
0
@@ -681,7 +686,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
{
_set_priority (&(*priority_cache)->protocol, protocol_priority);
_set_priority (&(*priority_cache)->compression, comp_priority);
- _set_priority (&(*priority_cache)->cert_type, cert_type_priority);
+ _set_priority (&(*priority_cache)->cert_type,
cert_type_priority_default);
_set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
i = 0;
@@ -845,7 +850,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
{
bulk_fn (&(*priority_cache)->cert_type,
- cert_type_priority);
+ cert_type_priority_all);
}
else
{
@@ -899,6 +904,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
(*priority_cache)->no_padding = 1;
(*priority_cache)->allow_large_records = 1;
}
+ else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
+ {
+ (*priority_cache)->no_extensions = 1;
+ }
else if (strcasecmp (&broken_list[i][1],
"VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
{
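Review bot: The `NO_EXTENSIONS` branch sets the flag unconditionally, although the manual text added in this same commit says TLS 1.2 requires extensions; nothing in the hunk checks the protocol list or warns when the option is combined with TLS 1.2. A comment on the branch would help the next reader, e.g. `/* client only: the ClientHello carries no extensions at all; see the TLS 1.2 caveat in the manual */`. It may also be worth logging or rejecting the combination once the whole priority string has been parsed. Whether a later step already does so is not visible, since `gnutls_priority_init` continues outside the hunk.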
hooks/post-receive
--
GNU gnutls